A Novel PCA-Based Network Anomaly Detection

Callegari, Christian; Gazzarrini, Loris; Giordano, Stefano; Pagano, Michele; Pepe, Teresa

doi:10.1109/icc.2011.5962595

Cited by 43 publications

(23 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This means that PCA is still useful to detect new types of anomalies, something mandatory in real world anomaly detection. The most referred work for PCA anomaly detection is that of Lakhina et al [7], form which alternative proposals have been developed [20][21] [22] [23]. One of them, the MSNM methodology [8], is the base of the approach of this paper.…”

Section: Related Workmentioning

confidence: 99%

Semi-Supervised Multivariate Statistical Network Monitoring for Learning Security Threats

Camacho

Maciá‐Fernández

Fuentes-Garcia

et al. 2019

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

This paper presents a semi-supervised approach for intrusion detection. The method extends the unsupervised Multivariate Statistical Network Monitoring approach based on Principal Component Analysis by introducing a supervised optimization technique to learn the optimum scaling in the input data. It inherits the advantages of the unsupervised strategy, capable of uncovering new threats, with that of supervised strategies, able of learning the pattern of a targeted threat. The supervised learning is based on an extension of the gradient descent method based on Partial Least Squares (PLS). Moreover, we enhance this method by using sparse PLS variants. The practical application of the system is demonstrated on a recently published real case study, showing relevant improvements in detection performance and in the interpretation of the attacks.

show abstract

Section: Related Workmentioning

confidence: 99%

Semi-Supervised Multivariate Statistical Network Monitoring for Learning Security Threats

Camacho

Maciá‐Fernández

Fuentes-Garcia

et al. 2019

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

show abstract

“…These eigenvectors are the principal directions. The eigenvectors are most explanatory that holds most of the information about the entire dataset by which the rebuilding error gets decreased [8]. For practical anomaly detection issues, the size of the data set is ordinarily substantial.…”

Section: Online Anomaly Detectionmentioning

confidence: 99%

A Comprehensive Survey on Online Anomaly Detection

Pawar¹,

Mahindrakar²

2015

IJCA

View full text Add to dashboard Cite

Anomaly is a data point that does not follow to the normal points describing the data. Anomaly detection has vital applications in data cleaning and moreover in the mining of anomalous points for fraud recognition, intrusion detection, stock market analysis, customized marketing, system sensors, and email spam detection. Discovering anomalous points among the data points is the fundamental thought to find out an anomaly. Anomaly detection signals out the objects mostly deviating from a particular data set. The majorities of the anomaly detection techniques are normally implemented in batch mode, and so cannot be essentially reached out to largescale problems without giving up the reckoning and memory requirements. To address this problem, existing online anomaly detection technique with oversampling and Principal Component Analysis (PCA), aim at identifying presence of anomalies from a big amount of data via an online updating technique. The oversampling strategy is used to duplicate the target instance and balance the data set and the PCA is used as a renowned unsupervised dimension reduction method, which determines the principal directions of the data distributions. Inspite of the duplication, the computation and memory requirement is reduced using an online updation technique. Thus present framework is ideal for online applications which have reckoning or memory restrictions. General TermsData Mining, Outlier Detection.

show abstract

“…Perhaps the most well-known method is principal component analysis (PCA) [3], [4], [5]. It has been researched extensively in network anomaly detection [6], [7]. However, it has some problems, such as the fact that it cannot handle nonlinear data.…”

Section: Related Researchmentioning

confidence: 99%

An Efficient Network Log Anomaly Detection System Using Random Projection Dimensionality Reduction

Juvonen

Hämäläinen

2014

2014 6th International Conference on New Technologies, Mobility and Security (NTMS)

View full text Add to dashboard Cite

Abstract-Network traffic is increasing all the time and network services are becoming more complex and vulnerable. To protect these networks, intrusion detection systems are used. Signature-based intrusion detection cannot find previously unknown attacks, which is why anomaly detection is needed. However, many new systems are slow and complicated. We propose a log anomaly detection framework which aims to facilitate quick anomaly detection and also provide visualizations of the network traffic structure. The system preprocesses network logs into a numerical data matrix, reduces the dimensionality of this matrix using random projection and uses Mahalanobis distance to find outliers and calculate an anomaly score for each data point. Log lines that are too different are flagged as anomalies. The system is tested with real-world network data, and actual intrusion attempts are found. In addition, visualizations are created to represent the structure of the network data. We also perform computational time evaluation to ensure the performance is feasible. The system is fast, finds real intrusion attempts and does not need clean training data.

show abstract

A Novel PCA-Based Network Anomaly Detection

Cited by 43 publications

References 13 publications

Semi-Supervised Multivariate Statistical Network Monitoring for Learning Security Threats

Semi-Supervised Multivariate Statistical Network Monitoring for Learning Security Threats

A Comprehensive Survey on Online Anomaly Detection

An Efficient Network Log Anomaly Detection System Using Random Projection Dimensionality Reduction

Contact Info

Product

Resources

About